Posted
by
CmdrTaco
on Tuesday June 21, 2011 @08:43AM
from the lulz-till-it-isn't dept.

An anonymous reader writes "The UK's Police Computer e-Crime Unit (PCeU) has arrested a 19-year-old man in Wickford, Essex, in connection with the series of LulzSec attacks against organizations including the CIA, PBS and Sony. The man, who has been arrested under the Computer Misuse and Fraud Act, has had his house searched and a significant amount of material taken away by police for forensic examination. The PCeU worked with local Essex police and the FBI on the investigation."

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

In the dark ages before the internet, when dinosaurs ruled the earth and grammar nazis were kept caged in cellars underneath college english departments, journalists learned to never directly state the person was guilty. Guidelines were developed to prevent over-zealous lawyers from destroying the freedom of the press through endless lawsuits. So, in the event of a crime, we are not allowed to refer to it as "your" crime, merely "a" crime.

This is true. But the "some observers say" thing should set off anybody's bullshit detector. Who the hell are those observers? Are they people who actually have inside knowledge of the case? Random Slashdot posters? The journalist's drinking buddies?

Yeah, it's along the same lines as "Some people say" or "We're hearing." It's a way for journalists to bring up a topic without owning it. "Not that I'm calling you a murderer, but some people are. How do you respond?"

So they went after the LulzSec mouthpiece instead of after someone involved with their illicit activities. Certainly the weakest link in the chain, but I wonder realistically how much this will limit LulzSec.

Judge: "Can the defendant please state, for the record, why they felt it was necessary to take down several high-profile website, costing those companies hundreds of thousands in lost income, cleanup costs, and angry support calls?"

Defendant's Lawyer: "Ah, your honor, let the record show... they did it for the 'lulz'".

Judge: "I see. Well, in the spirit of their crime, sentencing will be 'for the lulz'."

You raise an interesting question: what will he be tried for? Penalties under the Computer Misuse act presumably, but in that case it seems unlikely he would get a long sentence. Maybe they could go for criminal damage but nothing was actually "damaged" per-se, just temporarily rendered unusable.

Loss of income is a civil matter and the affected organisations would have to sue him themselves for restitution.

Assuming they have the right guy of course, judging by the police's usual level of competence in these

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

What I don't get is why is this shit always publicized? Instead of waving their dicks around every time a dumb fuck is caught, it'd make more sense to use that caught individual to provide new leads, and catch as many as possible before the rest of the organization goes further into hiding. Seems to me they're doing it purely for PR, rather than because it's their damn job.

Its publicized because its pretty much illegal to arrest someone secretly -- one of those things in place to prevent police abuse of power. Arrest reports are public records. At that point you can try to slip it in to the daily feed, but its generally easier to just issue a press release in a high profile case. In this case, however, it looks like they didn't do that. They just arrested the guy and haven't talked yet about the details.

True, but not so if it's an issue regarding National Security, and given the court's recent stance on cyberterrorism being "an act of war", they could very easily manipulate this to be such a case so they won't have to immediately disclose anything.

After all they can keep asking for the key to the hidden partition they "know" is there and when you refuse to provide them (because there is no hidden partition) you get 2 years in jail (5 if they can make it look terrorism related)...

This is why I have a tiny hidden partition on my TrueCrypt volume, using the same key as the container, holding a single text file, with the contents "This file exists to prevent any prosecution case stating that I have not provided the encryption key to any "hidden" volume on my computer, and would otherwise not exist."

All I have on there is some personal finance information, a password database and the obligatory BitCoin wallet anyway. I just don't want to spend 2 years in jail because the prosecution's

Indeed. How can they prove that the "hidden volume" exists?
Their best bet would be to install a spy-camera and watch the subject performing some illegal activity, and that may not even work if he is cautious and goes to some public place with a laptop.

I truly think that Lulzsec is doing good work, and they should be applauded for their efforts. I really hope this kid was using strong encryption and covering his tracks enough to provide a credible legal defense, although considering he was caught probably not. What they are doing is a good thing, there needs to be a force in the world working to encourage better security practices--there wasn't previously to a sufficient degree, nothing like this. My data is safer because of the heightened vigilance they

Both of the scenarios involve groups who believe in their rightous cause and are willing to break the law and create harm to others to prove their point. One is certainly more extreme and damaging then the other however by condoning one you are implicitly condoning the other. Who gets to decide what constitutes a "good cause" that justifies breaking the law?

One should treat others as one would like others to treat oneself (positive form)
One should not treat others in ways that one would not like to be treated (negative/prohibitive form, also called the Silver Rule)

You really are a complete prat, aren't you? Staggered by the idiocy of your comment, I have looked through your comment history, and am somewhat surprised to find that it's not a one-off. You despise rules imposed by other people, but nevertheless believe that everyone should abide by your own.

Someday lulzsec, or some equivalent group of twats, will release your own personal details on the Pirate Bay. And then you will be back here to tell us all how information should be free and that lulzsec are great. I

Because attacking a PBS website because they broadcast a story you didn't like makes all of us safer. I mean no need in hearing any news story that might upset us now is there?I hope the catch as many as possible. They have attacked freedom of speech and freedom of the press. They have hurt many innocent consumers if not out right hurt them all for the lulz. You have a really odd idea what good work is.

Meh.. few countries, if any, have more "process" than America (the US). It's probably far more common that a guilty person gets off on a technicality than an innocent person gets sentenced, though it does happen.
-OTOH, most cases don't involve the CIA...

They've been arrested. The public is watching. There will be a trial. How much more due process do you think a criminal deserves? These guys aren't going to some secret military prison to be tortured because their second cousin twice removed once had a bad thought about his government...

I think he was referring to the way people react to the news that someone was arrested in connection with a thing - they don't presume innocence until proven guilty, unless they are the ones in the hotseat. There hasn't been a trial, so the process hasn't been completed, yet people are passing judgment as if it were over. So you're right about the thought police, but the unfortunate reality is that the public's mob justice tends to ruin lives whether those lives were actually guilty or not. Let's all just w

Of course after a fair hearing. Thing is that if he is guilty then they will make an example of him and get him to turn in others. After a few dozen of the LulzSec minions are sitting in prison the rest will follow. It is funny that so many people on Slashdot really thought that LulzSec was going to get away with taunting world governments. They have their own really bright folks and lots of resources. As long as Anon and Lulz where just messing with companies like Sony and generally being juvenile they whe

I wonder how much of one another's real identity they know of. Pretty little I imagine, why would someone from such a group share any private detail with others?

Also correct me if this sounds too simplistic but I imagine the very first thing I'd do if I were from such a group would be to never connect from anything else than a neighbor's open or cracked wifi (with my dedicated hack station of course, I'd have plenty of normal traffic on the other ones). Is there really still much of a chance to get identi

Give me a break. If it is THAT vulnerable where a hacker can access a system then they are going after the wrong person. It isn't like this guy is in the country. You can't just go after anybody you please. It isn't reasonable. They can't catch guys operating out of North Korea, Sudan, Iran, or Cuba. There should be standards that developers have to live up to or I should say the products. If they don't then the companies selling said products should be the ones held liable. Yes- it means increased costs. That is what would be reasonable. Just because you catch a handful of the people who can exploit these systems because those systems are so easy to exploit does not fix the problem. It is stupid to go after the very people who are finding the holes rather than fixing the damm holes.

Closer would be placing your money in a bank, then later finding out - after the bank has been robbed and your money stolen - that their vault door was just painted onto a bit of plywood leant against the wall.

Closer would be placing your money in a bank, then later finding out - after the bank has been robbed and your money stolen - that their vault door was just painted onto a bit of plywood leant against the wall.

Your analogy with a house failed because a regular house is not storing millions of records on people. This is more like getting a bomb on a train, intruding into the cockpit of a plane, in order to prove a point. Both of which have been repeatedly done by TV shows.

There are two separate issues: did the hackers make unauthorized use of a computer, and was the computer adequately protected. These are independent. There are laws against unauthorized use of computers, and they do not specify some 'degree of difficulty' before they are effective, nor should they. Unauthorized use is unauthorized use, period. There may or may not be laws regarding protection of data. However, even if there are, violation of THAT law would be a separate crime, and in no way would excuse someone who violated the unauthorized use law.

And your analogy is much worse than the house analogy. The hackers actually did damage - they released account info, DDOS'd servers etc. To complete your analogy, the bomb must actually be detonated. If that were the case, I doubt anyone would be defending the person who did it as some kind of hero for pointing out a security weakness.

Yeah, for just a few shekels a month you can store your valuable goods in my underground vault protected by this ten foot thick, time-locked steel door to which only you will have the key.
Ooops! Sorry, seems somebody got in and stole your items. We never thought they would come in through that unlocked window at the back of the vault.

It isn't in the summary, I just threw it out there to demonstrate a point. OP said only data was moved, nothing was physically taken. So I asked if I could move data around to show his bank account was zero - I didn't actually take anything, just moved data around. I wasn't trying to illustrate what had actually happened. If I somehow led you to believe that is what took place I apologize.

Yep, I agree. Just today I was reading about a murder trial where someone shot someone in the chest and killed them, and I thought 'That is stupid. They shouldn't prosecute the shooter, they should prosecute the maker of the t-shirt the victim was wearing. The shooter is actually a hero for pointing out how defective these t-shirts are'. I mean, you can't catch ALL the murderers, so instead you should put all the responsibility and blame on the victims, right?

Since when are T-Shirts purported to be bullet proof? If I were to call up any of the hacked companies with concerns about my information, I guarantee you they'd tell me it's safe and secure. I hold these companies with my personal information just as liable as I would my bank if my safety deposit box was plundered.

So if your safety deposit box was plundered, you think the robbers shouldn't be found and prosecuted just because the bank to YOU it was safe? That is just stupid. Of course the bank may have some liability to you, but that certainly does not let the robber off the hook.

With all the high profile attacks and leaking private info of companies then attacking FBI and other law enforcement agencies I bet his looking for a lifetime sentence. Serves him right.

This is the UK. Should he be someone from lulzsec and if they have a decent amount of evidence to prove he was a main player I'd say he'll get 2-3 years max and likely out in 12-18 months for good behaviour

This is the UK. Should he be someone from lulzsec and if they have a decent amount of evidence to prove he was a main player I'd say he'll get 2-3 years max and likely out in 12-18 months for good behaviour

At that sentence length, no. Maximum 1/3 off for good behaviour once the sentence is over 2 years long.

The difference is that the untouchable circles in Russia and China, you never hear about. They aren't dumb about advertising their successes and this can make it very easy for a company to not acknowledge it either (or maybe not even notice). It's also a lot easier to target consumers than companies. Attack a company and you may get customer information, but they are more likely to notice and take necessary actions to limit damage. That isn't the case with the little old lady that clicks the link to rem

That's the idea, but really it doesn't work that way for this kind of hacking any more than it works for carjacking. In this case, one down is probably 100 less who think they'll get away with it. I mean, it's not like they're freedom fighters being stepped on by the government. They're class A jackholes, being jackholes. Watching the class clown get sent to the office where he is butt-raped by the principal probably doesn't inspire lots of others to take up the mantle and carry on the cause of lulz.

1. Someone attacks senate.gov "for teh lulz"2. FBI investigates and discovers it is coming from an English IP address3. They ask Scotland Yard for help, and trace it to someone in Ess*x4. Ess*x Police get the appropriate wiretap warrants, and move in while he is in the middle of attacking soca.gov.uk, again "for teh lulz"

In GP's defense, he's probably just used to forums that autocensor. Being in environments like that train people like the dogs they are. Furthermore, 'middlesex' is funnier. It's like a geographic DP threesome.